Schneier on Security

Clive Robinson • December 16, 2017 2:26 AM

@ oh really, Sancho_P, Wael,

There are plenty of non-scumbags who know how these things work who can be hired for that.

Whilst that might be true, they were not getting hired to solve the gaping security faults, were they…

The point is most Internet vulnerabilities at the protocol and standards layers have been there since day one. Because they were quite deliberately built in from day zero.

It was almost certainly not done maliciously but to “solve problems within resource constraints” that no longer apply.

The thing is nobody wants to spend money to solve these problems, usually portrayed with the excuse of “don’t break legacy systems” as it’s the almost perfect “get out clause”. As well as the biggest soirce of not just technical debt but building in security vulnerabilities across the board.

Since these three individuals dod what they did they kicked the “don’t break legacy systems” argument “out the park” because they demonstrated beyond any reasonable doubt that “All systems are broken”…

No they are not heros, yes they are villains, but then so are the people who sat on their hands quite deliberatly not doing the clean up they should have been doing… The trouble is that the later set of villains get to not just go home at night, but also to carry on sitting on their hands looking the other way.

Thus continuing to not hire the “plenty of non-scumbags who know how these things work” and could fix them befor yet more technical debt becomes existential…

The fact that we have potential avalanche after avalanche of these existential technical debts to deal with, means beyond doubt that security practioners and snake oil salesmen will be happily in business side by side for some considerable time to come…

Clive Robinson • December 16, 2017 4:05 AM

@ tyr, Wael,

What happened to the “Deltas” that did the important things like “Telephone Sanitation”?

They might not be giants but we all stand on their shoulders to survive if not thrive…

As for those “essential fats”, they tend to be liggt lipids thus very slippery… So I’ll hand you back over to Wael…

Clive Robinson • December 16, 2017 7:50 AM

@ Wael,

It’ll shift by around 13 days eatlier every year.

You might want to take your mind off of breakfast –EATlier– and reword what you’ve said.

Hint see how the Chinese Luna calender works with Chinese New Year… Oh and 365/13 ~= 28…

Clive Robinson • December 16, 2017 10:49 AM

@ echo,

The El Reg article written by John Leyden you link to contains some obvious errors but the conclusion is spot on of,

[Eric] Filiol concluded that reforms were needed in the way that cryptographic algorithms are selected, analysed and standardised. “It should be a fully open process mainly driven by the open crypto community,” he maintains.

However back to the errors and ommissions, the easiest to spot is Eric Filiol’s assumption / assertion of,

Serious countries (USA, UK, Germany, France) do not use foreign algorithms for high-security needs. They mandatorily have to use national products and standards (from the algorithm to its implementation),”

Is easily dispensed with one acronym “NATO”. All the aliance countries have a need to intercommunicate securely not just at the tactical level but all the way up. Thus they use common crypto that is –assumed– to be sufficient against other superpowers[1]. One obvious aspect of this is the improved GPS system crypto modules to prevent certain kinds of attack that the Russian’s and North Korean’s (probably China) have developed and tested.

As for,

Our algorithm [was] made public in February 2017 and no one has proved that the backdoor is easily detectable [nor] have shown how to exploit it.”

This is an old chestnut, which you normaly find in the claims of “Snake Oil crypto algorithm sellers”. The fact that nobody has found anything does not mean it is difficult / impossible to find, more likely it means nobody has been bothered to look…

In fact Eric Filiol kind of admits this with,

“There is a strong asymmetry (based on the mathematics) between inserting a backdoor into an algorithm (what we did and which is supposed to be feasible and easy, at least from a computational aspect) and being able to prove its existence, detect and extract a backdoor”

AES got the academic scrutiny it did because there was significant benifits in not just submitting a candidate but looking hard to strike candidates down and out. Thus some but by bo means all serious open community cryptograpers had a look. Thus for “just another algorithm” Eric Filiol’s is not going to get more than a cursory glance, and even if not you still would not expect much progress in 10months (people do have other commitments –like keeping their job– that will be of a much higher priority).

What we do know is that the design that is now AES was neither the fastest or most secure algorithm in the competition, and worse used an entirely new crypto function. Thus unsurprisingly some people still harbour suspicions about it.

However as I’ve pointed out in the past the NSA certainly “rigged the contest” for AES with high probability. If you think it through, of this there is little doubt. Because they deliberatly left out “side channel” testing, which they would be more than well aware of the need for. Instead they put the emphasis on “speed / efficiency” both of which open up time based side channels big time that seriously leak information especially KeyMat bits.

They also made the “contest code” publicly as a precondition of entry, knowing that code cutters would just “cut-n-paste” the contest code into their products. Which supprise supprise is exactly what happened. In one case it was with a very popular crypto library… There are still copies of such time based side channel riddled AES code still in use… If you dig just a little and check the public information on NSA kit that uses AES like their IME you will see suprise suprise it is not certified except for “data at rest”, which is a very big hint backed by large red flags and “here be dragons” writ large.

Which means if you encrypt / decrypt files whilst “on-line” the SigInt agencies such as GCHQ, NSA et al can from a close upstream node get the side channel times, without touching any where you can see their pressence…

Which is why this comment made me not only laugh ruefully but shake my head in a wry way as well,

“If I cannot prove that the AES has a backdoor; no one can prove that there is none,” Filiol told El Reg. “And honestly, who would be mad enough to think that the USA would offer a strongly secure, military grade encryption algorithm without any form of control?”

A quick look at the history of the AES competition, shows that whilst it was organised by NIST much of it was done outside of the US. Whilst this would not preclude SigInt skullduggery in the selection process it would require several SigInt agencies working in a concerted way to “finesse it”. Which makes it less likely than the NSA putting the fix in with the setting up of the competition.

Sometimes though, all you realy need to do is walk around the problem a little bit and see it from a different perspective. It’s not as though the information is not already out there, and it’s fairly trivial to find and put together.

Also as I tend to keep mentioning 😉 when using AES “on-line” the attackers communications end point reaches beyond the users security end point. Thus all the attacker has to do is a simple “end run” attack around the application to get at the plaintext “User Interface”, which a shim etc in the driver code will do and has been done before with banking application malware on PC’s and Smart Phones…

Further due to this it is also equally possible for an attacker to use a “store and forward” process such that if you use the same machine to encrypt/decrypt “Off-Line” then go online they still get the plaintext. Which is why I repeatedly talk about “energy-gapping with a strongly mandated and instrumented choke point as the secure to insecure crossing transfer channel”.

Put simply for the main target audience of the NSA they don’t need to actually backdoor the AES algorithm…

Which brings us onto Eric Filiol’s comment of,

“I am convinced that all export versions of encryption system contain backdoors in one way or another. This is a direct constraint from the Wassenaar agreement. In this respect, the crypto AG and other companies

Read the first part of that again… He’s talking “systems” not “algorithms” here, which as I’ve said above is a racing certainty with regards time based side channels.

Years ago I did a proof of concept that leaked KeyMat info via side channels, not in the main algorithm but in the usage mode algorithm which is way easier to “backdoor”. It’s not to hard to do and as difficult to detect as it is to factor an RSA key (see the work of Adam Young and his accademic supervisor Moti Yung and “Cryptovirology”). To make a time based side channel “less obvious” you can use the priciples of “Low Probability of Intercept” (LPI) radio systems. Put simply you add “timing jitter” via a Direct Sequence Spread Spectrum” modulator. Look up how some DRM systems worked at the end of the 1990’s and also the “JitterBugs” system that Prof Matt Blaze and his students Gaurav Shah and Andres Molina published…

As for the Crypto AG backdoors the NSA released in 2015 two copies of the same memo that had been redacted differently revealing quite a bit of the story. But part of it was still missing, and I was realy supprised when researchers and investigative journalists did not put other parts of it together.

For example you look up the countries that got the backdoored Crypto AG equipment you will find that one of them is Egypt… Now if you also happen to have a copy of Peter Wright’s “Spycatcher” in there you will find out what one of the “oh so secret” but still not admitted techniques, that nearly caused Maggie Thatcher “to go red” with appoplexy (she certainly tried to bring the entire legal power of the State down on his head).

It was “An Acoustic Side Channel”. Peter Wright and his side kick Tony Sale (of Bletchly Trust fame) who worked for the UK’s MI5 had tapped the phone that went into the Egyption Embassy Crypto Room and using their “hook switch jumping” technique, they could hear the mechanical cipher system in use. From it’s audio signiture they could tell a great deal about the wheel settings in use. This info went not just to GCHQ but back to the NSA and thus onto Crypto AG who made very slight mechanical changes to make the sound signitures easier to detect. Which I gather went into all their electromechanical cipher systems even those sold to friendly nations.

As I said I’m realy supprised that this has neither been leaked or found by researchers / journalists. For years GCHQ thus the NSA had been trying to keep the acoustic side channel unknown as it’s one of the best “air-gap crossing” techniques there is… I thought that the BadBIOS events would have finnaly made the penny drop, but apparently it did not.

So there you go “You heard it first on Schneier on Security”, yet again 😀

No doubt a certain Israeli Universtity will have a paper out about it in a month or so 😉

[1] For the higher levels, especially between fixed points with good physical security, it’s a reasonable bet that whatever the base encryption system is, it will probably use Super Encryption which may well be the good old fashioned “One Time Tape”…

Clive Robinson • December 16, 2017 11:33 AM

@ Rachel,

Cringed by the ‘…my feeling is its either China or Russia’. I recall we gave him a hard time about that at the time, too

Yes we did, and for my sins I still do in a way. The attribution problem is as I keep pointing out a difficult one, usually riddled with assumptions. It’s why I look for legal levels of proof in anything said. My view was and still is that I do not feel it wise to make a call on the outpourings of unnamed insider commentors quoted in newspapers who are in effect briefing a policy view point not fact. Which means I appear to be sitting on the fence…

However even long before that I’ve been pointing out “The Army of One” issue, or as someone else put it “The 400lb teenager sitting in their underpants in the back bedroom of their parents house problem”. The underlying issue with information attacks is there is effectively an infinite force multiplier with zero cost to the attacker… Thus all the effort is in the design of an information weapon not it’s deployment.

Where it goes wrong with “gut calls” is our physical world bias. Which in effect says “big deeds require big power”. Which is an implicit and often wrong assumption and makes fools of us all if we don’t double check.

I guess I look at the world differently to most which is why I also called “North Korea” as the US target for Stuxnet, that much later got reported as such.

Whilst I don’t mind disagreeing with people or object when they disagree with me, if we both bring our facts and reasoning to the table it usually comes down to the “indefinables” as to which way you call it, which is fine nobody has a perfect view of events.

What does make me cringe though is people calling loudly and often rudely their unreasoned gut feeling as though it’s handed down on stone tablets. Which has become almost a policy of the current political times where there has to be an existential threat to feed the press and public so they rant about that rather than the substantive issues…

Clive Robinson • December 16, 2017 2:03 PM

@ Albert,

Although I don’t think ‘Boom Supersonic’ is a good choice for the company name

How about “Rip Offs unlimited”? The design is The Anglo-Franc Concord, with a different set of enginees…

Mind you ripping off Concord’s design is nothing new, the Russian’s did it with the ill fatrd “Koncordski” that had the little cannard wings and got jet washed into the ground when a french fighter on a photo reconasonce flight crossed it’s path…

Then NASA, rather than come to the British who had designed Concords wings etc, went to the Russian’s but little came of it…

The thing is the demand for flying cramped up in a toilet roll tube at mach 2 etc is not that much fun, and traveling in a supersonic aircraft is one of those “status” symbols of certain types…

Oh and there’s the double jet lag issue when you fly from East to West of ariving before you left which is just plain weird. Mind you they did let you get away with stealing the glasses and cutlery…

Clive Robinson • December 16, 2017 3:08 PM

What Madness in Mozilla?

It would appear Mozilla are upseting people by taking commercial backhanders and enabaling what some think is in effect malware.

One unhappy user has basically said no more, but more vociferously,

https://drewdevault.com/2017/12/16/Firefox-is-on-a-slippery-slope.html

Clive Robinson • December 17, 2017 12:37 AM

@ echo,

I was reading the obiturary of Professor Heinz Wolff

I met him once or twice when I was younger, and he was as mad and full of zest in real life as he appeared on TV.

He was an early recipient of a pace maker, years ago. And as he new his students would be concerned, he built a life size working model to show them how it all worked. There’s a photo of him holding it at the hospital with even the cardiologist looking impressed.

One of natures “nice guys” who could even get granny excited about science and the world around us. He’s left a hole that is going to be difficult to fill even half as well.

Clive Robinson • December 17, 2017 1:25 AM

@ Wael,

Oh, wait a sec! Historically that’s a bad example 😉

Not half, that’s why “our colonial cousins” call us “limeys”…

It could have been worse we should by all rights have been called “Lemonys”…

It was back in the late 1759’s that Scottish surgeon James Lind carried out what is now called “The world’s first clinical trial”. He carried it out on British Royal Navy sailors who were suffering and in quite a few cases dying quite horrible deaths from scurvy. From what we would now call “observational data” he concluded that something was missing from the British sailors diet. Then carried out a trial bassed on the data concluding that lemon or lime juice prevented scurvy.

We now know that scurvy is a disease caused by a lack of vitamin C and where it is most easily obtained. But back then it was just the juice of preserved lemons and limes.

Thus attempts were made to try to get supplies of preseved lemons. But for political reasons access was denied so the less palitable by a long way lime had to be used.

The quantiry originaly required back then realy was quite large thus it was with considerable reluctance it was drunk.

To make it more palatable many sailors drunk it with their rum ration. Which whilst still bitter actually became quite popular. It’s popularity went up even further with the addition of raw cane suggar and thus one of the earliest cocktails had been made.

It was another Scott that actually got limes into British homes by developing rathee nice version of marmalade…

Anyway with regards ancestors mine are mainly Scottish with some Ebglish and German.

Oh and I’m told I look more like a younger “Bob ‘the bear’ hite” from Caned Heat, than I do a Klingon… It’s funny in a way because for a number of years I had the nickname of “Bru” short for the Dutch word for brown “Bruin” that became synonymus for “”

Clive Robinson • December 17, 2017 10:07 AM

@ Hermann,

The persistent rip-off stories are just plain nonsense. If they really ripped something off, then it would have been better!

So you are definitely claiming it’s a canard then 😉

Which ever way the French certainly believed it and that –allegedly– was the reason it went down in Paris…

Speaking of ripoff claims, stay tuned,

@ 65535,

Yes, but that is relatively small compared to the Japans Mitsubishi F-2B/F-16. K-street consultants at work against the USA.

Hey that’s the Japanese just giving a little friendly competition…

If you want the real action, how about the Chinese –allegedly– stealing the plans for the F-35 and thinking they had been given duds, thus reworking the design and got their protypes up and running a year or so before the first F-35’s started droping bits in US airspace (or so the story goes 😉

I just love these stories because they always have a germ of truth and hype about them. Having caught the French actually doing not just industrial espionage but also trying to jam other peoples sales demonstrations, it gives me a chance to kick back with a bowl of popcorn to watch the entertainment.

Speaking of which I’m sitting in the members room of a venerable institution in Greenwich South East London across the road from the old nuclear reactor, watching the tourists trog by below and playing the “Guess the Nationality” game over a drink in the warm and dry… It realy is a dirty grey damp and chilly PM, and would be sunset over the Royal Observitory if there was a break in the clouds… The sort of weather were you can not work out if it’s a British Summer or Winter…

Clive Robinson • December 18, 2017 7:30 AM

@ Anonymous2c,

Is Calibre still considered a good way to remove DRM from Amazon books?

It’s not the DRM I care about it’s the bl@@dy SpyWare it contains.

The IP stealers like Amazon use DRM as an excuse to commit all sorts of excesses and hide them behind the DMCA.

They are without doubt moraly lower than a snakes nads in a wheel rut at the bottom of Death Valley, and those that run it should be staked out on vulrure watch next to said wheel rut 😉

Clive Robinson • December 18, 2017 7:54 AM

@ Alejandro,

Isn’t Signal’s end to end encryption rock solid and invincible?

Who knows or cares, when you can just walk around it with a simple hack?

I keep saying this[1] but, If your security end point is before the attackers communications end point then without very specialised hardware and software techniques you have no real security…

I would expect Moxie Marlinspike to be more than aware of this problem, so he is in effect selling Snake Oil when he talks about the security of the application.

Oh of the other version of Moxie’s work, one of the senior people in Blackwater was heard to comment “What security…” about it.

The only people fooling themselves about it’s security is the users, who either can not think technically or do not have access to basic technical information.

After all our host @Bruce has blogged and written into atleast a couple of books, as have Ross j. Anderson, Moti Yung and several others about “The weakest link in the chain” when it comes to security systems, and it’s oh so very rare that it’s the crypto algorithms.

Even the NSA’s chief Scientist Bob Morris made it clear that the NSA went after “plaintext” first.

1, Plaintext.
2, Implementations.
3, Protocols.
4, Standards.

Are the main areas they go for before they even think of Crypto Analysis.

With consumer devices the SigInt agencies in nearly every First World Nation, do not need to go to second base. In part because the FiveEyes stiched uo the protocold and standards years ago… Do you think that Dual EC was their first attempt at “finessing” or just their worst so far, because they got first lazy then compleatly incompetent and sent a socialy inept idiot[2] in to the NIST technical committee?

[1] Searc this site for “end run” attacks and you will find I’ve been saying it for more years than I care to remember.

[2] There is no need for me to name the person, you can google it in about five minutes top. I guess however it will be interesting to google their career from now onwards just to see how further they rise, as that level of incompetence usually gets rewarded.

Clive Robinson • December 18, 2017 8:07 AM

@ Rachel,

a pleasure to hear you are out and about having a drink in venerable members clubs. You would belong to those that would have you as a member ? 😉

Well I make the occasional exception… As Buzz Aldrin said to me when we chatted briefly about the use of the Hasalblads, the most important thing in photography as it is in many things in life is not the small faults and failures, but,

Location Location Location

B-)

Clive Robinson • December 18, 2017 10:11 AM

Facebook fess up to mental harm but…

On the front page of UK Newspaper “The Times” the banner article is about mental health and Facebooks social media.

The first paragraph says,

Facebook has finally conceded that social media can harm mental health but it proposed that users improve their wellbeing by posting more updates and comments.

I shall resist the “Only in the US…” urge and make an observation. When dealing with other habbits that seriously effect mental health and thus have wider issues, the medical advice where possible is “abstinence”.

That is if you are an alcoholic you are told “You have to stop drinking”. Even with people who are morbidly obese they are told “You have to stop eating X,Y,Z” (as you have to eat something to survive).

Facebook and social media in general falls in the former not latter category. That is you usually stop social media dead and not come to any serious health issues (other than withdrawals).

The massively “self interested” view point from Facebook is like a drug dealer suggesting you go for cocaine rather than crack… As they help thrmself to even more profit from extracting data from your postings…

I guess some Silicon Valley walnut corridor managment realy have less morals than those teenager’s pushing smack onto younger children so they can get their own fix as a slice of the action…

Clive Robinson • December 19, 2017 12:59 AM

@ BS PM BS,

You’re playing with Fire. I’m itching to get even, you almost killed me with friendly fire 😉

Is that the sort of fire that crackles gently in it’s place/grate, providing a warm glow of heat and light, that generaly gives a feeling of peace and contentment in those that are close to it?

Untill of cause the chimney explodes in a ball of fire and destruction because you forgot to sweep out your flu?

Speaking of which, you possibly know that in the UK we used to make our chimneys large enough to send small children up? Where as in the US having a shortage of children they came up with a different solution…

Blacksmiths made a contraption that looked vaguely like a large pair of scissors, that had turned over tips and small cannon balls where the handles would be. Around thanksgiving time you went and caught a wild turkey in a net or other “keep it alive” trap. You then set up ladders or equivalent up to your chimney top.

As some will know the wild turkey whilst mainly ground dwelling can sort of fly in a very frenetic fashion given enough provication, oh and it’s a fairly mean and vengeful beast if you do provoke it, as it’s beak and claws have a lot of muscle behind them and a short fuse brain that sees most things including potential mates as either food or a provocation.

Thus having caught your wrestling companion and subdued it by wraping it in a blanket or strong cloth that keeps out light, you then tie each foot of the wild turkey to one of the turned over tips and keep it wrapped untill you get it up to the chimney. Where you would put the cannon ball end into the top of the chimney and carefully unwrap the wild turkey which would start flapping like crazy to escape. However the weight of the contraption you have just let go of would drag it down and it would flap even harder to escape. The final result would be the contraption reaching the fire place with the wild turkey still flapping like mad, oh and god alone knows how much soot from the chimney the turkey had dislodged on the way down…

As for the fate of the wild turkey, I’m guessing that it would be heading for the pot, after all it would be easier to just shoot it than try wrestling it back in the cloth/blanket and out the door.

So are we going to see a match between a wild turkey and BSPMBS?

P.S. You know BS PM BS can be read entirely differently in the UK with first BS reading as British Separatist, PM as Prime Minister and the second BS retaining it’s more normal meaning 😉

Clive Robinson • December 19, 2017 2:49 AM

@ Thoth, Nick P,

Why in the world would anyone need to install Intel ME to get Intel SGX ? Hmmm …. oh wait it says ‘Tools and Utilities section’. Hmmm …. 🙂 .

Yes how curious…

I can not say for certain but if you follow a little logical progression 😉

1, Intel SGX supposadly allows user-level code to allocate private regions of memory, or “enclaves”.

2, In theory, enclaves are protected from processes running at higher privilege levels.

3, However Intel ME is supposed to be not only above such considerations privilege wise, but also beneath any such considerations via direct memory access.

Thus I can only surmise that Intel ME can do whatever it likes with an enclave, which does not bode well with DRM insisting types. Or for that matter the IC entities who wanted to turn ME hard off.

As Intel screwed up big, –not for the first– time over ME and the fact that you could get access to it fairly easily…

Thus my guess would be that the ME upgrade is about to be come a requirment for everyone outside of a few select government entities, as Intel “papers over it’s cracks…

Personally I see every reason not to trust Intel or other CPU manufacturer who adds the equivalent of ME to their products, it is at it’s simplest a significant backdoor into a system, robbing you of the rights and privileges of ownership of the very expensive CPU. Thus you don’t own it, you can not trust it, therefore you should not use it.

I’ve mentioned ways to mitigate such a disaster using low power CPUs. Thoth, you likewise have mentioned using SIM cards as a method. There is however another way which Nick P has investigated which is to develop your own CPU based around the RISC V or similar open design. I can see quite a few countries going down one or more of these routes as a couple of non US Super Powers have already done.

If people do go down the Open Design CPU route, I would suggest they also add a suitably large FPGA to it, as this seams to be the next logical pathway.

Clive Robinson • December 19, 2017 10:19 AM

@ Cassie,

You are playing from my songbook, although company is always welcome.

As the old saw has it,

Misery loves company

So you might get the “usual suspects” into a little choir, with @Bruce on the drums 😉

I can do a passable baritone when suitably libated, I find a good tea with crumpets suffices at this time of the year, prior to going door to door with a Carol or two (their such lovely twins — sorry had to slip that old joke in it’s better than the “stocking filler” line 😉

Clive Robinson • December 20, 2017 7:01 AM

@ 65535,

Had a look around and the two cases are not even blips in the noise in the UK media.

Which for various reasons is not that surprising as far as most of the MSM is concerned it’s waiting for the “Blunder-bus” that is the next step of the Brexit process –that less and less people want daily– to blow up yet again in an incompetent and increasingly unwanted governments face.

They MSM is way more hysterical than the technical press but even they are having “Brexit hot flushes”,

https://www.theregister.co.uk/2017/12/20/defra_brexit_it_plans/

Even the up coming Trump visit is pushed out of column inches by Brexit.

As for “The Russian Factor” that does not get a look in either…

So unless you like the thought of a bunch of greasy old Commissioners and Politicians wrestling over who can make the other side look more stupid and failing in that they all look bad then The UK is not the place for news.

Clive Robinson • December 21, 2017 5:13 AM

@ Bob Paddock,

So what is your hack for this machine?

There is insufficient information in the blurb to give a specific answer. That said I can tell you some of the things you need to think about when making a system hack-resistant, and you end up with the realisation that security is probabilistic in nature.

Modern computer systems work on having a very powerful compute engine and vast amounts of memory.

Whilst this is great for code cutters, it’s even better for malware writers as it gives them lots of space and spare cycles to play with. Thus their comparatively small and efficient code hardly gets noticed in the noise of the code cutters inefficiencies and waste.

One way to get ride of some malware is not to give it any memory space to exist in. That is if there is no spare / free memory they are forced to change existing code. Often this is not a problem because with enough inefficiency by the code cutters, the malware can do tricks to tighten their code to make space for it’s self. However that needs a certain minimum of space. It can also end up burning quite a few extra CPU cycles, thus changing the timing signiture of the executing code. The problem with hugh monolithic slabs of code is their time signitures are way to complex to easily analyse.

There is however another issue, of a bit of mathmatics from before Turing/Churches work in the 1930’s. In essence it tells us that a computer can not tell you if it is running malware or not, because at the end of the day once malware is on the system it’s routed and it does what the code tells it to do.

Thus there are three problem areas you can attack that will increase your ability to detect malware.

Firstly is to seperate out the CPU from main memory and give it the minimum access required for it to do a given task. The way to do this is with a piece of hardware that is usually used to do the opposite with “Virtual Memory” (VM) the “Memory Managment Unit” (MMU). The problem with this is that most MMUs are controled by the CPU so any malware on the CPU can change the MMU settings and you’ld mostly be none the wiser.

Thus the MMU has to be controlled not by the CPU but another mechanism designed to enforce security. Thus you end up with a second monitoring system or Hypervisor.

Thus you get a hierarchy of mechanisms, at the bottom the CPU’s doing the required work. This is gated in behind an MMU controled by a hypervisor controled in turn by a supervisory system. Thus you have the makings of an effective system to limit the amount of main memory an individual CPU has access to.

The question then arises can such a system provide other functions. To which the answer is yes. You can have multiple work CPUs controlled in the same way. By applying the processes of “parallel programing” you can split the large monolithic slab of code down into smaller parts that run on multiple work CPUs. The reduction in code on any individual CPU reducess not just the complexity for the code cutters it makes any malware writers task more complex. But as each code unit becomes less complex it’s operating signiture becomes more defined thus easier to monitor.

If you break the code down far enough you end up with “common function tasks” or tasklets with clearly defined signitures not just of execution but of values in locations of memory. Thus a hypervisor can monitor not just the expected timing signiture but by halting a CPU go and perform a check on the memory and see any changes.

A real upside of this is that the tasklets can be viewed like secure versions of the utilities that are used in rapid design via shell scripting.

From managments perspective having code cutters work at this higher programing level makes them not only more efficient it can make code reuse more effective.

But if you have a CPU for each tasklet, you end up with many CPUs that the hypervisor selects and assigns in some apparently random manner making a malware writers problem even more difficult. Thus it is like having address stack randomization on steroids and speed…

In essence this appears to be what the UoM have “re-invented”…

I can go into greater depths and other further security benifits. But I have talked about it in a lot of depth in the past on this blog for what feels like a decade under “Castel-v-Prison” or C-v-P.

As normal the industry is slowly catching up with what gets discussed on this blog and I find it hard to believe that with the frequency of such “re-invention” that in some cases it is more of a “Cut-n-Paste and quick rename”, that would otherwise be called plagiarism…

Clive Robinson • December 22, 2017 3:35 AM

@ 65535,

As I understand, the BBC is funded by the UK upper class and mostly controlled by that class.

The BBC’s funding comes from a “licence fee” that all TV users and Live2PC users of their video content are legaly obligated to buy. And legaly the BBC are required to provide “balanced reporting”.

The downside of “balanced reporting” is as implemented the way the current government incumbrents want it lets the “crazies” have a voice to spout their nonsense effectively unchallenged. Which was quite noticable during the Brexit run up.

Unfortunatly the current political encumbrants have used it as an excuse to get what are seen as rapid pro right wing types like Sahra Sands to move in in editorship positions much to the detriment of flagship programs. In essence she appears to be replacing “Social news” with “Society frappery”. Thus much that would be an embarrassment to the current political encumbrants gets diverted for non politicaly embarrassing “fill”. It’s known to be of concern to those at board level and senior managment.

There are also questions arising as to what she is upto… She used to be editor at the Evening Standard on more than twice her now BBC salary. Also her leaving was quite sudden and left her position open to be filled by the Ex Chancellor George “gidiot” Osborne who had just been sacked by the replacment Prime Minister Theresa May. Her leaving appears to have ruffled no feathers, thus appears not just pland for some time but with the full support of various people. Gidiot is now having a “rapid fire” snipper policy at May and Co. So in one move Sarha Sands has curried favour with both factions in the Conservative Party. Which is why many are wondering what the “Pay Off” will be, and when.

https://www.theguardian.com/media/2017/oct/28/radio-4-todays-editor-sarah-sands-interview